Document MASA audit

3 files changed, 22 insertions, 0 deletions

diff --git a/audits/2025-02-24-nccgroup-android-masa.md b/audits/2025-02-24-nccgroup-android-masa.md
new file mode 100644
index 0000000000..f6ac0c2e1a
--- /dev/null
+++ b/audits/2025-02-24-nccgroup-android-masa.md
@@ -0,0 +1,16 @@
+# 2025-02-24 - NCC Group MASA of our Android app
+
+A team from NCC Group conducted a Mobile Application Security Assessment (MASA)
+of our Android app.
+
+# Result
+
+The Android app passed all controls.
+
+## MASA certificate
+
+The MASA certificate is hosted by App Defence Alliance:
+* [2025-02-24 MASA certificate](https://appdefensealliance.dev/reports/net.mullvad.mullvadvpn_1740398400000000.pdf)
+
+We also host certificate in our repository:
+* [2025-02-24 MASA certificate](2025-02-24-nccgroup-android-masa.pdf)
diff --git a/audits/2025-02-24-nccgroup-android-masa.pdf b/audits/2025-02-24-nccgroup-android-masa.pdf
new file mode 100644
index 0000000000..aa429d01a8
--- /dev/null
+++ b/audits/2025-02-24-nccgroup-android-masa.pdf
diff --git a/audits/README.md b/audits/README.md
index 5d0773a471..fe7712c0f1 100644
--- a/audits/README.md
+++ b/audits/README.md
@@ -11,3 +11,9 @@ performed on this app so far:
 * [2020-06-12 - Cure53](./2020-06-12-cure53.md)
 * [2022-10-14 - Atredis](./2022-10-14-atredis.md)
 * [2024-12-10 - X41 D-Sec](./2024-12-10-X41-D-Sec.md)
+
+## Additional audits and certifications
+
+Apart from the biannual audits mentioned above, we've also conducted the the following:
+
+* [2025-02-24 - NCC Group Mobile Application Security Assessment (MASA) of the Android app](./2025-02-24-nccgroup-android-masa.md)